From 4a039197705f92ee1c362401a7f7bb834ecc9079 Mon Sep 17 00:00:00 2001 From: Jeremy Kerr Date: Thu, 9 Oct 2008 22:49:18 +1100 Subject: [PATCH] [sql] use separate grant-all scripts for postgresql and mysql Mysql doesn't support granting to multiple tables, and requires a different username format. Would be nice to code the permissions somewhere, then generate the grant statements as required. Signed-off-by: Jeremy Kerr --- docs/INSTALL | 23 +++++++----- lib/sql/grant-all.mysql.sql | 35 +++++++++++++++++++ .../{grant-all.sql => grant-all.postgres.sql} | 0 3 files changed, 50 insertions(+), 8 deletions(-) create mode 100644 lib/sql/grant-all.mysql.sql rename lib/sql/{grant-all.sql => grant-all.postgres.sql} (100%) diff --git a/docs/INSTALL b/docs/INSTALL index 8f3aab9..05fea7c 100644 --- a/docs/INSTALL +++ b/docs/INSTALL @@ -29,16 +29,21 @@ in brackets): user that your mail server runs as). On Ubuntu these are www-data and nobody, respectively. - PostgreSQL: - createdb patchwork - createuser www-data - createuser nobody + For PostgreSQL - MySQL: + $ createdb patchwork + $ createuser www-data + $ createuser nobody + + - postgres uses the standard UNIX authentication, so these users + will only be accessible for processes running as the same username. + This means that no passwords need to be set. + + For MySQL: $ mysql > CREATE DATABASE 'patchwork'; - > INSERT INTO user (Host, User) VALUES ('localhost', 'www-data'); - > INSERT INTO user (Host, User) VALUES ('localhost', 'nobody'); + > CREATE USER 'www-data'@'localhost' IDENTIFIED BY ''; + > CREATE USER 'nobody'@'localhost' IDENTIFIED BY ''; 2. Django setup @@ -99,8 +104,10 @@ in brackets): And add privileges for your mail and web users: Postgresql: - psql -f lib/sql/grant-all.sql patchwork + psql -f lib/sql/grant-all.postgres.sql patchwork + MySQL: + mysql patchwork < lib/sql/grant-all.mysql.sql 3. Apache setup 
diff --git a/lib/sql/grant-all.mysql.sql b/lib/sql/grant-all.mysql.sql
new file mode 100644
index 0000000..4dd6efb
--- /dev/null
+++ b/lib/sql/grant-all.mysql.sql
@@ -0,0 +1,35 @@
+BEGIN;
+-- give necessary permissions to the web server. Becuase the admin is all
+-- web-based, these need to be quite permissive
+GRANT SELECT, UPDATE, INSERT, DELETE ON auth_message TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON django_session TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON django_site TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON django_admin_log TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON django_content_type TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON auth_group_permissions TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON auth_user TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON auth_user_groups TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON auth_group TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON auth_user_user_permissions TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON auth_permission TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_userpersonconfirmation TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_state TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_comment TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_person TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_userprofile TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_userprofile_maintainer_projects TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_project TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_bundle TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_bundle_patches TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_patch TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON registration_registrationprofile TO 'www-data'@localhost;
+
+-- allow the mail user (in this case, 'nobody') to add patches
+GRANT INSERT, SELECT ON patchwork_patch TO 'nobody'@localhost;
+GRANT INSERT, SELECT ON patchwork_comment TO 'nobody'@localhost;
+GRANT INSERT, SELECT ON patchwork_person TO 'nobody'@localhost;
+GRANT SELECT ON patchwork_project TO 'nobody'@localhost;
+GRANT SELECT ON patchwork_state TO 'nobody'@localhost;
+
+COMMIT;
+
diff --git a/lib/sql/grant-all.sql b/lib/sql/grant-all.postgres.sql
similarity index 100%
rename from lib/sql/grant-all.sql
rename to lib/sql/grant-all.postgres.sql
-- 
2.39.2
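Review bot: The `'www-data'@localhost` grants give UPDATE and DELETE on `auth_user`, `auth_permission` and `django_session` to an account that the docs/INSTALL hunk of this same patch creates with `IDENTIFIED BY ''`, and unlike the PostgreSQL case described there, a MySQL account with an empty password is normally usable by any local process that names it. I would have INSTALL set a real credential (`CREATE USER 'www-data'@'localhost' IDENTIFIED BY '<password>';`, likewise for `nobody`) and open this script with a comment such as `-- the www-data and nobody accounts must not have an empty password; these grants cover the auth and session tables`. Separately, `BEGIN;`/`COMMIT;` gives no atomicity here, because MySQL commits implicitly around each GRANT, so a failure part-way leaves the earlier grants in place; dropping the pair or adding `-- GRANT is not transactional in MySQL; re-run the whole script after a failure` would avoid suggesting otherwise. The table names are unqualified, so the script depends on being run with `patchwork` as the default database, as the INSTALL command does.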